Ubuntu.comUB:CVE-2021-3701CVE-2021-3701
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
15.8%
A flaw was found in ansible-runner where the default temporary files
configuration in ansible-2.0.0 are written to world R/W locations. This
flaw allows an attacker to pre-create the directory, resulting in reading
private information or forcing ansible-runner to write files as the
legitimate user in a place they did not expect. The highest threat from
this vulnerability is to confidentiality and integrity.
References
Related
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
0.0004 Low
EPSS
Percentile
15.8%